Bug 29381

Summary:	haproxy new security issues CVE-2021-3924[0-2]
Product:	Mageia	Reporter:	David Walser <luigiwalser>
Component:	Security	Assignee:	Bruno Cornec <bruno>
Status:	RESOLVED FIXED	QA Contact:	Sec team <security>
Severity:	normal
Priority:	Normal	CC:	jani.valimaa
Version:	Cauldron
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:
Source RPM:	haproxy-2.4.2-5.mga9.src.rpm	CVE:
Status comment:

Description David Walser 2021-08-18 16:19:38 CEST

Debian and Ubuntu have issued advisories on August 17:
https://www.debian.org/security/2021/dsa-4960
https://ubuntu.com/security/notices/USN-5042-1

The issues are fixed upstream in 2.4.3:
https://www.haproxy.com/blog/august-2021-haproxy-2-0-http-2-vulnerabilities-fixed/
https://www.mail-archive.com/haproxy@formilux.org/msg41041.html

David Walser 2021-08-18 16:19:46 CEST

Status comment: (none) => Fixed upstream in 2.4.3

Comment 1 David Walser 2021-08-21 20:53:09 CEST

haproxy-2.4.3-1.mga9 uploaded for Cauldron by Jani.

Resolution: (none) => FIXED
CC: (none) => jani.valimaa
Status: NEW => RESOLVED
Status comment: Fixed upstream in 2.4.3 => (none)